diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index dd819e9..3e934fa 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -25,11 +25,15 @@ class ApplicationController < ActionController::Base private def current_fuser - if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id]) - @current_fuser = ForumUser.find(session[:forum_user_id]) - else - nil - end + + @current_fuser ||= ForumUser.find_by_auth_token!(cookies[:forum_auth_token]) if cookies[:forum_auth_token] + + + #if session[:forum_user_id] and ForumUser.exists?(session[:forum_user_id]) + # @current_fuser = ForumUser.find(session[:forum_user_id]) + #else + # nil + #end end diff --git a/app/controllers/forum/auths_controller.rb b/app/controllers/forum/auths_controller.rb index dc85e21..54f8810 100644 --- a/app/controllers/forum/auths_controller.rb +++ b/app/controllers/forum/auths_controller.rb @@ -10,8 +10,20 @@ class Forum::AuthsController < ApplicationController @forum = true user = ForumUser.find_by_email(params[:email]) if user && user.authenticate(params[:password]) - session[:forum_user_id] = user.id + #session[:forum_user_id] = user.id + + + if params[:remember_me] + cookies.permanent[:forum_auth_token] = user.auth_token + else + cookies[:forum_auth_token] = user.auth_token + end + redirect_to forum_forum_topics_path, notice: "Connecté !" + + + + else flash.now.alert = "Email ou mot de passe incorect" render "new" @@ -19,7 +31,7 @@ class Forum::AuthsController < ApplicationController end def destroy - session[:forum_user_id] = nil + cookies.delete(:forum_auth_token) redirect_to forum_forum_users_path, notice: "Déconnecté." end end diff --git a/app/controllers/forum/password_resets_controller.rb b/app/controllers/forum/password_resets_controller.rb new file mode 100644 index 0000000..7dfc3a6 --- /dev/null +++ b/app/controllers/forum/password_resets_controller.rb 
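Review bot: In `current_fuser`, `find_by_auth_token!` raises `ActiveRecord::RecordNotFound` whenever the cookie carries a value that no longer matches a user, so a stale or altered `forum_auth_token` cookie turns every request that calls this helper into an error instead of an anonymous visit. The non-bang finder keeps the previous "return nil" behaviour: `@current_fuser ||= ForumUser.find_by_auth_token(cookies[:forum_auth_token]) if cookies[:forum_auth_token]`. The commented-out session lookup left below it can be deleted, since version control already holds it.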
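Review bot: Both branches of `create` write `user.auth_token` into a cookie with no attributes, so the value is readable from page scripts and is sent over plain HTTP if the site is reachable that way. The hash form sets the flags, `cookies[:forum_auth_token] = { value: user.auth_token, httponly: true, secure: Rails.env.production? }`, and the same hash works with `cookies.permanent`. The `destroy` hunk has a related gap: `cookies.delete` removes only the browser's copy, while the `auth_token` stored on the user is unchanged (the model generates it only in `before_create`), so a cookie copied earlier keeps working after logout. Regenerating the token in `destroy` before deleting the cookie would close that.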
@@ -0,0 +1,52 @@
+# -*- encoding : utf-8 -*-
+class Forum::PasswordResetsController < ApplicationController
+ layout "connexion"
+
+ def new
+ @forum = true
+ end
+
+ def create
+ @forum = true
+ forum_user = ForumUser.find_by_email(params[:email])
+ if forum_user
+ forum_user.reset_password_token = SecureRandom.urlsafe_base64(nil, false)
+ forum_user.reset_password_sent_at = Time.now
+ forum_user.save
+ ForumMails.reset_password(forum_user).deliver
+ redirect_to forum_forum_topics_path, notice: "Un message vient de vous être envoyé avec un lien pour réinitialiser votre mot de passe."
+ else
+ flash.now.alert = "Email incorect"
+ render "new"
+ end
+ end
+
+ def edit
+ @forum = true
+
+ @forum_user = ForumUser.find_by_reset_password_token(params[:id])
+
+ if @forum_user and @forum_user.reset_password_sent_at > Time.now - 1.day
+
+ else
+
+ end
+ end
+
+ def update
+ @forum = true
+
+ @forum_user = ForumUser.find_by_reset_password_token(params[:id])
+
+ if @forum_user.update_attributes(params.require(:forum_user).permit(:password, :password_confirmation))
+ redirect_to forum_forum_topics_path, :notice => "Votre mot de passe a bien été changé, vous pouvez vous connecter dès maintenant."
+
+ else
+ render :action => "edit"
+ end
+
+
+
+ end
+
+end
diff --git a/app/mailers/forum_mails.rb b/app/mailers/forum_mails.rb
new file mode 100644
index 0000000..0634217
--- /dev/null
+++ b/app/mailers/forum_mails.rb
@@ -0,0 +1,16 @@
+class ForumMails < ActionMailer::Base
+ layout 'mail'
+
+ default from: "Le Pic Vert "
+
+ def reset_password(forum_user, options = {})
+ @forum_user = forum_user
+ @options = options
+ mail(:to => forum_user.email, :from => @from, :subject => "Réinitialisation de votre mot de passe.")
+ end
+
+
+
+
+
+end
diff --git a/app/models/forum_user.rb b/app/models/forum_user.rb
index 0b689e1..a735938 100644
--- a/app/models/forum_user.rb
+++ b/app/models/forum_user.rb
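Review bot: `update` accepts any request whose `params[:id]` matches a stored token: the one-day expiry is tested only in `edit`, where both branches are empty, and `update` never re-checks it, never clears `reset_password_token` after a successful change, and calls `update_attributes` on `nil` when the token is unknown. A reset link therefore stays usable indefinitely and repeatedly, and an unknown token produces a server error rather than a refusal. The rewrite below applies the one-day rule in `update` and makes the token single-use; `edit` needs the same guard before it renders the form. Separately, `create` answers "Email incorect" for unknown addresses, which tells a visitor which e-mails are registered; returning the same notice in both cases avoids that.

```ruby
  def update
    @forum = true
    @forum_user = ForumUser.find_by_reset_password_token(params[:id])

    # Refuse unknown tokens and links older than the one-day window that edit tests.
    sent_at = @forum_user && @forum_user.reset_password_sent_at
    if sent_at.nil? || sent_at < 1.day.ago
      redirect_to new_forum_password_reset_path, alert: "Ce lien n'est plus valide."
      return
    end

    # Single use: the token is cleared in the same save that stores the new password.
    @forum_user.reset_password_token = nil
    # … unchanged: update_attributes call, success redirect and render of "edit" …
  end
```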
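Review bot: `reset_password` passes `:from => @from`, but nothing visible in this class assigns `@from`, so the call hands `mail` an explicit `nil` sender alongside the class-level `default from:`. Dropping the key lets the default apply: `mail(:to => forum_user.email, :subject => "Réinitialisation de votre mot de passe.")`. `options` is stored in `@options` but is not read in this hunk or in the template added by the commit; if nothing else uses it, the parameter can go.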
@@ -14,27 +14,39 @@ class ForumUser < ActiveRecord::Base has_many :images, :class_name => "ForumUserImage", :order => "created_at DESC" belongs_to :sheet + + before_create { generate_token(:auth_token) } + attr_accessor :skip_sheet_validation + + def generate_token(column) + begin + self[column] = SecureRandom.urlsafe_base64 + end while ForumUser.exists?(column => self[column]) + end + before_validation do - if sheet_number? - @sheet = Sheet.where(:sheet_number => sheet_number).first - if !@sheet - errors.add :sheet_number, "Votre numéro adhérent n'est pas valide." + if !skip_sheet_validation + if sheet_number? + @sheet = Sheet.where(:sheet_number => sheet_number).first + if !@sheet + errors.add :sheet_number, "Votre numéro adhérent n'est pas valide." - else - self.sheet_id = @sheet.id + else + self.sheet_id = @sheet.id - if @sheet.last_year < Date.today.year - errors.add :sheet_number, "Votre cotisation n'est pas à jour, merci de nous contacter." - end + if @sheet.last_year < Date.today.year + errors.add :sheet_number, "Votre cotisation n'est pas à jour, merci de nous contacter." + end + end + + elsif self.id + + else + errors.add :sheet_number, "Vous devez saisir votre numéro adhérent (présent en bas de chaque mails)." end - - elsif self.id - - else - errors.add :sheet_number, "Vous devez saisir votre numéro adhérent (présent en bas de chaque mails)." end end end diff --git a/app/views/forum/auths/new.haml b/app/views/forum/auths/new.haml index 7b26a97..d3911cc 100644 --- a/app/views/forum/auths/new.haml +++ b/app/views/forum/auths/new.haml @@ -9,10 +9,15 @@ %p = label_tag :password, "Mot de passe :" = password_field_tag :password + %p + =check_box_tag :remember_me, 1,params[:remember_me] + = label_tag :password, "Rester connecter ?" %p= submit_tag "Se connecter", :class => "btn btn-primary" %p Pas encore inscrit ? =link_to "M'inscrire.", new_forum_forum_user_path + ="-" + =link_to "Mot de passe perdu ?", new_forum_password_reset_path \ No newline at end of file 
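Review bot: `generate_token` is wired only to `before_create`, so once this commit makes `auth_token` the login credential, changing or resetting a password leaves every cookie issued earlier valid. Regenerating the token when the password changes would tie the two together, for example `before_save { generate_token(:auth_token) if password_digest_changed? }`, assuming the model uses `has_secure_password` (the `authenticate` call in the auths controller suggests so, but the declaration is outside the hunk). The method also deserves a one-line comment saying that it assigns a random URL-safe value to `column` and retries while another row holds the same value, because the `begin … end while` form is easy to misread. The class body starts and ends outside the hunk.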
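Review bot: The label added next to the checkbox reuses `:password` as its target, so clicking "Rester connecter ?" focuses the password field and the checkbox itself has no associated label. It should point at the checkbox: `= label_tag :remember_me, "Rester connecter ?"`. The opening of the form is outside the hunk, so this assumes the new paragraph sits inside the same `form_tag` as the password field.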
diff --git a/app/views/forum/password_resets/edit.haml b/app/views/forum/password_resets/edit.haml
new file mode 100644
index 0000000..2b2e477
--- /dev/null
+++ b/app/views/forum/password_resets/edit.haml
@@ -0,0 +1,13 @@
+=image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
+
+%h1 Mot de passe perdu
+%p Vous pouvez définir votre nouveau mot de passe ci-dessous :
+= semantic_form_for @forum_user, :url => forum_password_reset_path(params[:id]) do |f|
+ =f.inputs do
+
+ = f.input :password, :label => "Mot de passe"
+ = f.input :password_confirmation, :label => "Confirmation"
+
+ %br
+ =f.submit "Sauvegarder", :class => "btn btn-primary"
+
\ No newline at end of file
diff --git a/app/views/forum/password_resets/new.haml b/app/views/forum/password_resets/new.haml
new file mode 100644
index 0000000..d5941b3
--- /dev/null
+++ b/app/views/forum/password_resets/new.haml
@@ -0,0 +1,17 @@
+=image_tag("logo.png", :style => "width:200px;display:block;margin:auto;margin-bottom:2em;")
+
+%h1 Mot de passe perdu
+
+= form_tag forum_password_resets_path do
+ %p
+ = label_tag :email, "email :"
+ = text_field_tag :email, params[:email]
+
+ %p= submit_tag "Se connecter", :class => "btn btn-primary"
+
+ %p
+
+ =link_to "Pas encore inscrit ?", new_forum_forum_user_path
+ ="-"
+ =link_to "Connexion", new_forum_auth_path
+
\ No newline at end of file
diff --git a/app/views/forum_mails/reset_password.html.haml b/app/views/forum_mails/reset_password.html.haml
new file mode 100644
index 0000000..ea1c40a
--- /dev/null
+++ b/app/views/forum_mails/reset_password.html.haml
@@ -0,0 +1,11 @@ +%p + Bonjour, +%p + Vous avez fait une demande sur le forum de l'association "Le Pic Vert" pour réinitialiser votre mot de passe. +%p + Vous pouvez suivre ce lien pour définir votre nouveau mot de passe : +%p{:style => "text-align:center;"} + -url = edit_forum_password_reset_url(:id => @forum_user.reset_password_token) + =link_to url, url +%p A bientôt ! +%p L'équipe du forum. \ No newline at end of file diff --git a/config/routes.rb b/config/routes.rb index ab5afa1..cfff28b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -71,6 +71,7 @@ Survey::Application.routes.draw do resources :forums resources :forum_categories resources :forum_users + resources :password_resets resources :forum_user_images do member do get :rotate diff --git a/db/migrate/20140619095558_add_auth_token_to_forum_users.rb b/db/migrate/20140619095558_add_auth_token_to_forum_users.rb new file mode 100644 index 0000000..d035a48 --- /dev/null +++ b/db/migrate/20140619095558_add_auth_token_to_forum_users.rb @@ -0,0 +1,13 @@ +class AddAuthTokenToForumUsers < ActiveRecord::Migration + def change + add_column :forum_users, :auth_token, :string + + ForumUser.all.each do |fu| + fu.generate_token(:auth_token) + + fu.skip_sheet_validation = true + fu.save + + end + end +end diff --git a/db/schema.rb b/db/schema.rb index b6ebfd8..d6b6b7a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20140413122412) do +ActiveRecord::Schema.define(version: 20140619095558) do create_table "admins", force: true do |t| t.string "email", default: "", null: false @@ -131,6 +131,7 @@ ActiveRecord::Schema.define(version: 20140413122412) do t.datetime "last_new_message_notification" t.boolean "new_message_on_my_topics_notification" t.datetime "last_new_message_on_my_topics_notification" + t.string "auth_token" end create_table "forums", force: true do |t|
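Review bot: `resources :password_resets` generates all seven REST routes, but the controller added in this commit defines only `new`, `create`, `edit` and `update`, so `index`, `show` and `destroy` are routable with nothing behind them. Restricting the declaration keeps the exposed routes equal to what exists: `resources :password_resets, only: [:new, :create, :edit, :update]`. The enclosing routing block opens outside the hunk.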
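Review bot: The backfill loop ignores the result of `fu.save`, so any existing user whose record fails a remaining validation is left with a NULL `auth_token` and no sign of it in the migration output. Writing the column directly with `fu.update_column(:auth_token, fu.auth_token)` after `generate_token`, or using `save!`, would either bypass validations or fail loudly. The column is also added without an index, although `current_fuser` now looks users up by it on every request and `generate_token` relies on an `exists?` check for uniqueness; `add_index :forum_users, :auth_token, unique: true` covers both. Calling `ForumUser.reset_column_information` after `add_column` is the usual precaution when a migration uses the model right after changing its table.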